“Follow all these vague best practices, otherwise bad things might happen.” That sums up most security-related webinars. Here is something different. In this webinar, BugProve presents 3 vulnerabilities in embedded products.

Let’s take 3 real and recent examples, and check: 

  • What problem was detected and how?
  • What did the remediation process look like?
  • How was it fixed?
  • What can be done to prevent such from happening?

Who is this webinar for? 

  • Product Owners at embedded manufacturing companies
  • Embedded developers working on the firmware level
  • Security Researchers and QA who test such products

The 3 case studies selected: 

  1. CVE-2022-24942 in Silicon Labs Gecko SDK
  2. CVE-2023-3959 in Zavio IP cameras
  3. CVE-2023-31070 in Broadcom BCM47xx SDK

Our cases in finding vulnerabilities in embedded products highlight the need for real security over just meeting compliance standards. Regulations help steer the industry toward better security practices, but the goal is to have products free of vulnerabilities, not just compliant.

The case of CVE-2023-31070 will shed light on the challenges within the IoT supply chain. We discuss how IoT devices often rely on software kits that may not prioritize security, highlighting the risks involved when these kits are used “as is” without regular updates or security checks. This points to a broader issue in the tech industry: the need for ongoing, proactive security management to maintain and protect IoT devices over their lifespan.

The session will also touch on the significant disparity between the time spent discovering these issues versus the time and resources needed for manufacturers to address them, emphasizing the critical need for proactive security efforts.

We conclude with strategic recommendations for manufacturers to boost their product security and prevent similar vulnerabilities. This presentation aims to provide valuable insights into embedded product security and inspire more robust security practices within the IoT sector, making it particularly relevant for business leaders looking to understand and mitigate risks in their tech operations.

Our speaker:

Attila Szasz, CEO of Bugprove, a cybersecurity startup, has 10+ years of expertise. He discovered his passion for programming as a child and found his first Chrome vulnerability at 19. With vast experience in penetration testing and public speaking, Attila shares IoT security insights, trends, and automation solutions.

Watch the webinar on-demand today!

Speakers

Attila Szasz
Attila Szasz
CEO, BugProve
Attila Szasz, CEO of Bugprove, a cybersecurity startup, has 10+ years of cybersecurity expertise.
Hosts
BugProve
BugProve
Automated firmware analysis platform to identify known and 0-day vulnerabilities and to support your compliance needs.
Automated firmware analysis platform to identify known and 0-day vulnerabilities and to support your compliance needs.